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DETAILED ACTION 
Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 1, 3-19, 26-38, 40-60 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Williams (U.S. Patent 6,304,973 Bl). 

Regarding claims 1, 9, 10, 26, 28, 34, 40, 45, 55 and 58, Williams teaches a security 
network system 10 (see figures 1) that operates by providing security at layer-3 and multi-level 
security as well ( providing multilevel security; see col.4, lines 25-35). The network 10 
comprises one or more network systems of one or more types ( see fig.l. network 10 comprises 
local Lans 5 and 20; see col.6, lines 42-55). Refer to Fig.4, multiple layer security is shown in 
Regions B and C to provide security to the network, but operate at different layers of the OSI 
model (see col.9, lines 10-50). For instance, region B operates by providing layer-3 security 
protection (i.e. encryption) that ensures communication secrecy in the network (see col.9, lines 
15-25). Region C, however, operates by providing layer-4 security protection in the same 
network as region B (see col.9, lines 40-50). As described above, encryption is performed, and is 
handled by a security processing engine or security device 18, the complete processing 
explanation for security device 18 is described in detail in col.9, lines 15-25. Williams further 
discloses a remote direct memory access in the hardware ( claims 9, 34, 40, 45, 55, 58; fig. 8, 
security device 40 including an Internal system RAM 54; see col. 19, lines 40 to col.20, line 5). 
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Regarding claims 27, 31, 52, further with reference to the above discussion regarding 
claim 1, Williams teaches a unique policy driver (see (0032)) used to set up the hardware to 
handle the enforcement of policy rules, and where the policy is in the form of a software driver 
and handled by a central manager device (DAC) (see (0129)). William further discloses that host 
computer 14 comprises TCP/IP protocol stack running at layer 4 protocol ( see col.9, lines 40- 
50). 

Regarding claims 3 and 1 1, the central manager and security policy software is set up on 
a network system to comply with the security policy (see (0129)). 

Regarding claims 4 and 12, the network security policies are compiles and enforced 
based on rules (see (0066)). 

Regarding claims 5 and 13, the network security is based on rules for layers 2-4 (see 
figure 4). 

Regarding claims 6 and 14, the network security system provides support for DES and 
3DES (see (0032)). 

Regarding claims 7 and 15, the network security policies are executed via a processor 
(see (0149)). 

Regarding claims 8 and 16, the network system provides counter attack services (see 
(0032)). 

Regarding claim 9, the network security policies are enforced based on rules (see (0066)). 
Regarding claim 10, the network includes a remote memory access capability over the Internet 
30 (see (0236) and figure 14). 

Regarding claims 17, 18, the network security system uses a UNIX server (see (0093)). 
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Regarding claim 19, the network security system includes packet header processing (see 
figure 5). 

Regarding claims 50, 51, Williams teaches most of the above described features. 
Williams further discloses a programmable rule processing engine for analyzing network traffic 
for security rule matching ( NSC 12 verifies authentication and receives reports of security 
relevant occurrences from security device 18. The security reports are logged and examined 
later for potential security violation; see col. 18, lines 5-30). 

Regarding claims 29, 30, 33, 35-38, 41-44, 46-49, 53, 54, 56, 57, 59 and 60 are rejected 
because they depend on claims 28, 31, 34, 40, 45, 52, 55, 58. 

Regarding claim 32, the limitations of this claim has been addressed in claim 1, 2, 9. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 2, 20-25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Williams in view of Twomey (U.S. Patent Application No. 2003/0131228). 
Williams teaches all of the above described features, however, Williams is silent regarding a 
storage area network (SAN). Twomey discloses a system for a SAN that handles both secure and 
regular types of network security (see(0027, 41, 44, 47) processing packets based on security 
protocols such Ipsec, AH or ESP protocols ). Motivation to combine the SAN of Twomey with 
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the security network of Williams is evident from the background portions of their respective 
specifications. For instance, Williams discloses the need for security networks that operate at 
various layers of the network layer hierarchy and provide centralized administration to prevent 
unauthorized parties from accessing a private network (see (0025). Similarly, Twomey discloses 
the need to provide encryption for a network system to prevent unauthorized access to a private 
network (see (00341). The system includes a security processor for handling 
secure data traffic and utilizes security protocols (i.e. Ipsec; see paragphs (44, 47 fig.4). 
Therefore, it would have been obvious to one of ordinary skilled in the art at the time the 
invention was made to have combined these two network security systems to arrive at the 
features disclosed in claim 2. Further, claims 20-25 are disclosed in Williams, as indicated above 
with respect to the discussions for claims 3-10. 

Response to Arguments 
Applicant's arguments filed on 3/20/06 have been fully considered but they are not 
persuasive. 

In claims 1, 2 and 26, Applicant argues that Williams does not disclose a plurality of one 
or more network systems comprising a hardware processor providing transport layer protocol 
processing and multiple protocol layer security. 

Examiner believes that Williams discloses a plurality of one or more network systems ( 
see fig.l, local Lan 20) comprising a hardware processor (comprises a network security 
controller 12) providing transport layer protocol processing ( providing a network layer-3 
security via a security NIC 18) and multiple protocol layer security (see Abstract and col.4, lines 
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25-35 and col. 10, lines 55-65; allowing trusted users to access outside information, Internet, 
while stopping outside attackers at their point of entry. At the same time, limit an insider to 
information defined in a particular security profile). 

Applicant further argues from what paragraph in the office action that region C provides 
layer-4 security. In Williams, region C includes host computers 14, server 16, TCP/IP protocol 
stack, application user program and users. IP runs at layer 3; TCP/UDP run at layer 4; and 
application protocol runs at layer 79 (see col.9, lines 40-50). Region C provides not only at lay-4 
but also at layers 3 and 7 ( multiple security protection). 

Further in claim 2, with all features taught by Williams in claim 1 and described above in 
term of multiple security layer, Twomey discloses that SAN 16 process packets accodance to 
security protocols (see(0027, 41, 44, 47) including Ipsec, AH or ESP protocols). It is believed 
that the combination of Twomey with Williams should arrrive the claimed features including a 
storage network processing multiple security level. 

In claim 9, Applicant argues that Williams does not disclose a remote direct memory 
access. Applicant is directed to fig.8, which shows a security device 40 including an Internal 
system RAM 54; see col. 19, lines 40 to col.20, line 5. 

In claim 27, applicant argues that William does not disclose the hardware processor 
providing a protocol processing stack. Williams discloses that host computer 14 comprises 
TCP/IP protocol stack running at layer 4 protocol ( see col.9, lines 40-50). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Hanh Nguyen whose telephone number is 571 272 3092. The 
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examiner can normally be reached on Monday-FRiday from 8:30 to 4:30. The examiner can also 
be reached on alternate 

If attempts to reach the examiner by telephone are unsuccessful, the examinees 
supervisor, Ahmad Matar, can be reached on 571 272 7488. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
Hanh Nguyen 





